GLOBY - Privacy Policy

1) Who We Are (Data Controller)
Zace Tech OÜ (“Globy”, “we”), address: Ahtri tn 12, 15551 Tallinn, Estonia, is the data controller for personal data processed via Globy websites and the Globy eSIM app. Contact: info@globyteam.com.

2) Scope & Legal Bases (GDPR)
We process personal data under the EU GDPR and applicable laws, based on:
• Contract performance (provide the Service, process purchases, support);
• Legitimate interests (security, fraud prevention, service analytics);
• Consent (marketing emails/push, certain analytics/cookies);
• Legal obligations (tax, accounting, compliance). Where applicable to Turkish users, we also consider KVKK requirements.

3) Data We Collect
You provide: email, name/surname (if provided), country/region (if provided), support messages.
Automatically collected: device model/OS, app version, IP address, approximate location (via IP), usage/analytics events, crash logs, transaction metadata (e.g., transaction ID, currency, status).
Payments: We do not store card data. Payment credentials are handled by Stripe. We receive limited metadata for reconciliation and fraud prevention.
eSIM & orders: order details (destination, plan size/days, price, currency, timestamps), status, usage counters provided by Supplier where applicable.
Children & Accounts. Accounts must be created by individuals 18+. Minors may use the Service only under a parent/guardian account. We do not knowingly solicit data directly from children.

4) Purposes of Processing
• Account creation and authentication;
• Purchase processing and delivery of eSIM plans;
• Fraud prevention and security;
• Customer support and service communications;
• Service analytics and product improvement;
• Marketing communications only with consent.

5) Cookies & Similar Technologies
We may use cookies/SDKs for essential operations, performance analytics, and (where consented) marketing attribution. You can manage preferences via device/browser settings. Some features may not function without certain cookies/SDKs.

6) Sharing & Transfers
We share data with trusted processors only as needed to provide the Service:
• Google Cloud / Firebase (GCP) – hosting, database, analytics, crash reporting;
• Stripe – payment processing (incl. Apple Pay, Google Pay, PayPal via Stripe);
• Postmark – transactional email delivery;
• Telecom Suppliers – to activate and maintain your eSIM plan where required by the Supplier;
• Anti‑fraud & compliance tools (where applicable) – to prevent abuse and comply with legal obligations.
Some providers may process data outside the EEA. Where such transfers occur, we rely on GDPR‑compliant safeguards (e.g., Standard Contractual Clauses) and implement appropriate technical and organizational measures.

7) Retention
We retain personal data only as long as necessary for the purposes above:
• Account data: life of the account + up to 24 months;
• Transaction/financial records: 7 years (legal obligations);
• Support tickets: up to 24 months after closure;
• Analytics events: typically 18–24 months in aggregated form.
We may anonymize or aggregate data for longer retention.

8) Your Rights
Subject to GDPR and local laws, you have the right to access, rectify, erase, restrict, object, and data portability; and to withdraw consent at any time (for consent‑based processing). You also have the right to lodge a complaint with your local authority or the Estonian Data Protection Inspectorate. To exercise rights: info@globyteam.com.

9) Children
The Service is not directed to children. Users under 18 should use the Service under parental supervision via a guardian account. We do not knowingly collect data directly from children.

10) Security
We apply appropriate administrative, technical and organizational measures (access controls, encryption in transit/at rest where supported by our providers, and least‑privilege access). No method of transmission or storage is 100% secure.

11) Marketing Communications
We send marketing emails/push only with your consent. You can opt out at any time via in‑app settings or the unsubscribe link. Transactional messages (e.g., receipts, service notices) are still sent.

12) Changes
We may update this Policy. The latest version will be available in‑app/website with an updated effective date.
Contact (Data Protection): info@globyteam.com